make upgrade a bit more seamless

lib/auth/default_current_user_provider.rb

@@ -8,6 +8,13 @@ class Auth::DefaultCurrentUserProvider
   TOKEN_COOKIE ||= "_t".freeze
   PATH_INFO ||= "PATH_INFO".freeze
 
+  # TODO remove this stuff in 2017 was only added to smoothen the upgrade process
+  def self.has_auth_token_updated_at?
+    (@has_auth_token_updated_at ||=
+      User.column_names.include?("auth_token_updated_at") ? :true : :false
+    ) == :true
+  end
+
   # do all current user initialization here
   def initialize(env)
     @env = env
@@ -36,10 +43,12 @@ class Auth::DefaultCurrentUserProvider
     current_user = nil
 
     if auth_token && auth_token.length == 32
-      current_user = User.where(auth_token: auth_token)
+      if ::Auth::DefaultCurrentUserProvider.has_auth_token_updated_at?
-                         .where('auth_token_updated_at IS NULL OR auth_token_updated_at > ?',
+        current_user = User.find_by("auth_token = ? AND (auth_token_updated_at IS NULL OR auth_token_updated_at > ?)",
-                                  SiteSetting.maximum_session_age.hours.ago)
+                                    auth_token, SiteSetting.maximum_session_age.hours.ago)
-                         .first
+      else
+        current_user = User.find_by(auth_token: auth_token)
+      end
     end
 
     if current_user && (current_user.suspended? || !current_user.active)
@@ -65,7 +74,10 @@ class Auth::DefaultCurrentUserProvider
   end
 
   def refresh_session(user, session, cookies)
-    if user && (!user.auth_token_updated_at || user.auth_token_updated_at <= 1.hour.ago)
+    if  user &&
+        ::Auth::DefaultCurrentUserProvider.has_auth_token_updated_at? &&
+        (!user.auth_token_updated_at || user.auth_token_updated_at <= 1.hour.ago)
+
       user.update_column(:auth_token_updated_at, Time.zone.now)
       cookies[TOKEN_COOKIE] = { value: user.auth_token, httponly: true, expires: SiteSetting.maximum_session_age.hours.from_now }
     end